Lucene search
K
CvelistMost viewed

365258 matches found

Cvelist
Cvelist
added 2024/12/20 6:59 a.m.183 views

CVE-2024-12571 Store Locator <= 3.98.10 - Unauthenticated Local File Inclusion

The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'slengine' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

9.8CVSS0.00901EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/05/26 7:19 p.m.183 views

CVE-2022-26763

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with syst...

8.1AI score0.03546EPSS
Exploits0References6
Cvelist
Cvelist
added 2022/05/13 2:30 p.m.183 views

CVE-2022-28824 Adobe FrameMaker Font Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Framemaker versions 2029u8 and earlier and 2020u4 and earlier are affected by a Use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.9AI score0.02579EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/04/13 12:0 a.m.183 views

CVE-2022-22957

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities CVE-2022-22957 & CVE-2022-22958. A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote...

8.4AI score0.23084EPSS
Exploits5References3
Cvelist
Cvelist
added 2021/10/15 2:22 p.m.183 views

CVE-2021-40728 Adobe Acrobat Reader DC Use After Free Arbitrary Code Execution

Adobe Acrobat Reader DC version 21.007.20095 and earlier, 21.007.20096 and earlier, 20.004.30015 and earlier, and 17.011.30202 and earlier is affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result in arbitrary code execution...

7.8CVSS7.9AI score0.53533EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/10/07 3:7 p.m.183 views

CVE-2021-40726 Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability when processing AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is...

7.8CVSS7.9AI score0.05118EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/27 12:0 a.m.182 views

CVE-2024-39705

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...

0.01346EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/06/15 8:23 p.m.182 views

CVE-2022-30647 Adobe Illustrator Font Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Illustrator versions 26.0.2 and earlier and 25.4.5 and earlier are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.9AI score0.02424EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/26 12:0 a.m.182 views

CVE-2021-41617

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with...

7.7AI score0.02367EPSS
Exploits2References14
Cvelist
Cvelist
added 2023/05/15 12:15 p.m.180 views

CVE-2023-0600 WP Visitor Statistics (Real Time Traffic) < 6.9 - Unauthenticated SQLi

The WP Visitor Statistics Real Time Traffic WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks...

10AI score0.04234EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/05/06 5:7 p.m.180 views

CVE-2022-28271 Adobe Photoshop PDF File Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Photoshop versions 22.5.6 and earlierand 23.2.2 and earlier are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file...

7.8CVSS8AI score0.0319EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/03/12 11:24 p.m.180 views

CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...

4.8AI score0.01677EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/01/14 7:5 p.m.180 views

CVE-2021-45064 Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC version 21.007.20099 and earlier, 20.004.30017 and earlier and 17.011.30204 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this...

7.8CVSS7.9AI score0.11546EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/11/25 2:51 p.m.180 views

CVE-2021-44223

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin...

8.1CVSS9.8AI score0.28983EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/10/05 5:30 p.m.180 views

CVE-2021-39226 Snapshot authentication bypass in grafana

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...

9.8CVSS8.5AI score0.99888EPSS
Exploits1References8
Cvelist
Cvelist
added 2021/09/16 2:40 p.m.180 views

CVE-2021-40438 mod_proxy SSRF

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

9.5AI score0.99999EPSS
Exploits5References19
Cvelist
Cvelist
added 2021/07/07 11:20 a.m.180 views

CVE-2021-22555 Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/xtables.c. This allows an attacker to gain privileges or cause a DoS via heap memory corruption through user name space...

8.3CVSS8.4AI score0.78684EPSS
Exploits21References9
Cvelist
Cvelist
added 2021/08/20 6:9 p.m.179 views

CVE-2021-28624 Adobe Bridge SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Adobe Bridge version 11.0.2 and earlier are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a...

7.8CVSS8AI score0.05343EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/06/10 7:10 a.m.179 views

CVE-2020-35452 mod_auth_digest possible stack overflow by one nul byte

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...

8.5AI score0.53191EPSS
Exploits0References12
Cvelist
Cvelist
added 2022/06/15 7:24 p.m.178 views

CVE-2022-28842 Adobe Bridge Font Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Bridge version 12.0.1 and earlier versions is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.9AI score0.02857EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/02 4:7 p.m.178 views

CVE-2021-28553 Adobe Acrobat Reader use-after-free vulnerability could lead to arbitrary code execution

Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the curren...

8.8CVSS8.9AI score0.03539EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/04/24 8:14 a.m.177 views

CVE-2023-22581 White Rabbit Switch - Unauthenticated remote code execution

White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application the default installation makes the webserver run as the root user...

9.8CVSS9.8AI score0.00692EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/07/25 2:1 p.m.177 views

CVE-2022-33965 WordPress WP Visitor Statistics plugin <= 5.7 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities

Multiple Unauthenticated SQL Injection SQLi vulnerabilities in Osamaesh WP Visitor Statistics plugin = 5.7 at WordPress...

9.3CVSS10AI score0.03413EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/06/15 7:29 p.m.178 views

CVE-2022-28849 Adobe Bridge Font Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Bridge version 12.0.1 and earlier versions is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.9AI score0.02577EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/29 3:37 p.m.177 views

CVE-2021-39838 Adobe Acrobat Reader DC AcroForm buttonGetCaption Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetCaption action that could result in arbitrary code execution in the context of the current use...

7.8CVSS7.9AI score0.64297EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/08/24 5:50 p.m.177 views

CVE-2021-28632 ZDI-CAN-13471: Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions versions 2021.001.20155 and earlier, 2020.001.30025 and earlier and 2017.011.30196 and earlier are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the curren...

7.8CVSS7.8AI score0.05172EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/07/08 10:54 a.m.177 views

CVE-2021-32462

Trend Micro Password Manager Consumer version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is...

9.4AI score0.05232EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/10/07 3:7 p.m.176 views

CVE-2021-40725 Adobe Acrobat Reader DC AcroForm listbox Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability when processing AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction is...

7.8CVSS7.9AI score0.05118EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/09/29 3:37 p.m.176 views

CVE-2021-39841 Adobe Acrobat Pro DC DocMedia Type Confusion Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a Type Confusion vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue...

7.8CVSS7.7AI score0.1134EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/29 3:37 p.m.176 views

CVE-2021-39840 Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability when processing AcroForms that could result in arbitrary code execution in the context of the current user. User interaction is required ...

7.8CVSS7.8AI score0.49525EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/02 4:9 p.m.176 views

CVE-2021-28561 Adobe Acrobat Reader memory corruption vulnerability could lead to remote code execution

Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the...

8.8CVSS9AI score0.03265EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/08/24 5:51 p.m.176 views

CVE-2021-28551 Adobe Acrobat Pro DC JPEG2000 Editing Out-Of-Bounds Read Remote Code Execution Vulnerability

Acrobat Reader DC versions versions 2021.001.20155 and earlier, 2020.001.30025 and earlier and 2017.011.30196 and earlier are affected by an Out-of-bounds read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the...

7.8CVSS7.7AI score0.0339EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/12 11:5 a.m.175 views

CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site ...

9.8CVSS0.04156EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/06/08 10:0 a.m.175 views

CVE-2022-30522 mod_sed denial of service

If Apache HTTP Server 2.4.53 is configured to do transformations with modsed in contexts where the input to modsed may be very large, modsed may make excessively large memory allocations and trigger an abort...

8.8AI score0.90407EPSS
Exploits0References6
Cvelist
Cvelist
added 2022/05/13 2:28 p.m.175 views

CVE-2022-28823 Adobe FrameMaker Font Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Framemaker versions 2029u8 and earlier and 2020u4 and earlier are affected by a Use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.9AI score0.02579EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/02 4:6 p.m.175 views

CVE-2021-28558 Adobe Acrobat Reader heap-based buffer overflow could lead to arbitrary code execution

Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by an Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary cod...

8.8CVSS9AI score0.10362EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/29 3:37 p.m.174 views

CVE-2021-39839 Adobe Acrobat Reader DC AcroForm getItemAt Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability in the processing of the AcroForm getItem action that could result in arbitrary code execution in the context of the current user...

7.8CVSS7.9AI score0.64297EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/29 3:37 p.m.174 views

CVE-2021-39836 Adobe Acrobat Reader DC AcroForm buttonGetIcon Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetIcon action that could result in arbitrary code execution in the context of the current user...

7.8CVSS7.9AI score0.68696EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/29 3:37 p.m.173 views

CVE-2021-39837 Adobe Acrobat Reader DC AcroForm deleteItemAt Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability in the processing of the AcroForm deleteItemAt action that could result in arbitrary code execution in the context of the current user...

7.8CVSS7.9AI score0.64297EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/02 4:8 p.m.173 views

CVE-2021-28560 Adobe Acrobat Reader heap corruption vulnerability could lead to arbitrary code execution

Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of...

8.8CVSS8.9AI score0.66918EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/08/24 5:50 p.m.173 views

CVE-2021-28554 Adobe Acrobat Reader DC Path Parsing Out-Of-Bounds Read could lead to arbitrary code execution

Acrobat Reader DC versions versions 2021.001.20155 and earlier, 2020.001.30025 and earlier and 2017.011.30196 and earlier are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the...

7.8CVSS7.8AI score0.46031EPSS
Exploits0References1
Cvelist
Cvelist
added 2016/03/24 1:0 a.m.173 views

CVE-2016-1755

The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app, a different vulnerability than CVE-2016-1754...

6.5AI score0.05136EPSS
Exploits1References10
Cvelist
Cvelist
added 2026/05/07 3:21 p.m.172 views

CVE-2026-6973

An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution...

7.2CVSS0.34454EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/19 12:44 p.m.172 views

CVE-2025-7823 Jinher OA ProjectScheduleDelete.aspx xml external entity reference

A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the...

7.5CVSS0.00483EPSS
Exploits1References4
Cvelist
Cvelist
added 2021/09/29 3:38 p.m.172 views

CVE-2021-39842 Adobe Acrobat Reader DC messageHandler.OnMessage Use-After-Free Vulnerability

Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...

7.8CVSS7.9AI score0.16828EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/08 9:18 a.m.171 views

CVE-2024-12854 Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload

The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated...

8.8CVSS0.00817EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/07/28 12:0 a.m.171 views

CVE-2022-2479

Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page...

5.3AI score0.0071EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/09/29 3:38 p.m.171 views

CVE-2021-39843 Adobe Acrobat Reader XObject Out-of-Bound Write Vulnerability

Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...

7.8CVSS7.9AI score0.76055EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/08/24 5:51 p.m.171 views

CVE-2021-28631 Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions versions 2021.001.20155 and earlier, 2020.001.30025 and earlier and 2017.011.30196 and earlier are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the curren...

7.8CVSS7.8AI score0.04709EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/06/15 12:0 a.m.171 views

CVE-2021-31618 NULL pointer dereference on specially crafted HTTP/2 request

Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating...

8.8AI score0.51208EPSS
Exploits0References13
Total number of security vulnerabilities5000